PT-2016-5193 · Unknown · Is-My-Json-Valid
Publicado
2016-02-23
·
Atualizado
2018-07-31
·
CVE-2016-2537
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
is-my-json-valid versions prior to 2.17.2
is-my-json-valid versions prior to 1.4.1
Description
The issue is related to an incorrect regular expression in the
is-my-json-valid package, which can cause a denial of service (blocked event loop) via a crafted string. This can be exploited by remote attackers. The vulnerability is also described as a regular expression denial of service (ReDoS) via the email validation function.Recommendations
Update to version 1.4.1 or later.
Update to version 2.17.2 or later.
Correção
RCE
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Is-My-Json-Valid